'9999', 'MSG'=>''); // NOTE(review): this completes a `$RES = array('CODE'=>` that opens above this chunk, inside a switch whose header is also above it.
        //
        // Login case. Response shape for every JSON case below: {"CODE": "0000" on success, otherwise the
        // Exception code; "MSG": user-facing text; "DATAS": optional payload}. Note that `new Exception(..., "9990")`
        // coerces the string code to int, so CODE is an int on failure but the string "0000" on success.
        try {
            // Raw POST values pass through the project's avoid_crack() (its behaviour is not visible here) and are then
            // interpolated straight into SQL below — no parameter binding anywhere in this file.
            $cd_userid=trim(avoid_crack($_POST["cd_userid"]));
            $nm_pass=trim(avoid_crack($_POST["nm_pass"]));
            $url=trim(avoid_crack($_POST["url"]));
            if($cd_userid == "" || $nm_pass ==""){
                throw new Exception("입력하신 정보가 올바르지 않거나 권한이 없습니다.", "9990");
            }
            // Post-login target is caller-supplied; it is only echoed back in DATAS['URL'] for the client to follow.
            // No check that it stays on this origin is visible here.
            if(!$url) $url=ADMIN_PATH."admin/admin_list.php?";
            // NOTE(review): the commented-out variant below skipped the password comparison for one fixed source IP.
            // Leaving such a bypass in the source invites re-enabling it; remove rather than keep as a comment.
            // if($_SERVER['REMOTE_ADDR'] == '220.86.24.199') {
            // $chk1=@mysql_result(mysql_query("select count(cd_userid) from admin_info where cd_userid='$cd_userid' and ds_open='Y' and ds_delind='N'"),0,0);
            // }else {
            // $chk1=@mysql_result(mysql_query("select count(cd_userid) from admin_info where cd_userid='$cd_userid' and nm_pass=password('$nm_pass') and ds_open='Y' and ds_delind='N'"),0,0);
            // }
            // Credential check: count of open, non-deleted admins whose stored hash equals MySQL's PASSWORD() of the
            // submitted value. Both values are interpolated, not bound. The `@` hides any query error, so a broken
            // query reads as "no match" rather than surfacing. PASSWORD() is a legacy, unsalted MySQL hash (removed in
            // MySQL 8); password_hash()/password_verify() in PHP is the supported replacement.
            $chk1=@mysql_result(mysql_query("select count(cd_userid) from admin_info where cd_userid='$cd_userid' and nm_pass=password('$nm_pass') and ds_open='Y' and ds_delind='N'"),0,0);
            if($chk1<1) {
                throw new Exception("입력하신 정보가 올바르지 않거나 권한이 없습니다.", "9990");
            }
            //
            // if($_SERVER['REMOTE_ADDR'] == '220.86.24.199') {
            // $sql ="SELECT cd_userid, nm_name, ds_level, nm_info1, nm_info2, nm_info3, ds_company_bp, ds_branch, auth1, auth2, auth3, auth4, auth5, auth6, auth7, auth8, auth9 FROM admin_info WHERE cd_userid='$cd_userid' AND ds_open='Y' AND ds_delind='N'";
            // }else {
            // $sql ="SELECT cd_userid, nm_name, ds_level, nm_info1, nm_info2, nm_info3, ds_company_bp, ds_branch, auth1, auth2, auth3, auth4, auth5, auth6, auth7, auth8, auth9 FROM admin_info WHERE cd_userid='$cd_userid' AND nm_pass=PASSWORD('$nm_pass') AND ds_open='Y' AND ds_delind='N'";
            // }
            // Second round-trip with the same predicate to load the admin row; the count above and this SELECT are
            // not atomic, but the predicate is identical so the row is expected to exist.
            $sql ="SELECT cd_userid, nm_name, ds_level, nm_info1, nm_info2, nm_info3, ds_company_bp, ds_branch, auth1, auth2, auth3, auth4, auth5, auth6, auth7, auth8, auth9 FROM admin_info WHERE cd_userid='$cd_userid' AND nm_pass=PASSWORD('$nm_pass') AND ds_open='Y' AND ds_delind='N'";
            $col=mysql_fetch_array(mysql_query($sql));
            // if (!empty($col['cd_userid'])){
            // admin
            // Server-side identity and the nine auth flags live in the PHP session; this is what later cases and
            // common/auth_chk.php presumably consult. No session_regenerate_id() on login is visible here.
            $_SESSION["admin_cd_userid"]=$col['cd_userid'];
            $_SESSION["admin_nm_name"]=$col['nm_name'];
            $_SESSION["admin_ds_level"]=$col['ds_level'];
            $_SESSION['admin_ds_company_bp'] = $col['ds_company_bp']; // affiliate
            $_SESSION['admin_ds_branch'] = $col['ds_branch']; // branch
            $_SESSION["admin_auth1"] = $col['auth1'];
            $_SESSION["admin_auth2"] = $col['auth2'];
            $_SESSION["admin_auth3"] = $col['auth3'];
            $_SESSION["admin_auth4"] = $col['auth4'];
            $_SESSION["admin_auth5"] = $col['auth5'];
            $_SESSION["admin_auth6"] = $col['auth6'];
            $_SESSION["admin_auth7"] = $col['auth7'];
            $_SESSION["admin_auth8"] = $col['auth8'];
            $_SESSION["admin_auth9"] = $col['auth9'];
            // The same identity, level and auth flags are also pushed to the browser as plain cookies (no HttpOnly or
            // Secure attribute). Nothing in this chunk reads them back; if any page trusts them instead of $_SESSION,
            // they are client-controlled — verify against the rest of the admin code. Also, setcookie()'s third argument
            // is an absolute Unix timestamp, so 60*60*24 (= 1970-01-02) is already in the past and browsers will
            // discard these cookies on arrival; `time()+60*60*24` was presumably intended.
            setcookie( "admin_cd_userid" , $col['cd_userid'] , 60*60*24 , '/');
            setcookie( "admin_nm_name" , $col['nm_name'] , 60*60*24 , '/');
            setcookie( "admin_ds_level" , $col['ds_level'] , 60*60*24 , '/');
            setcookie( "admin_ds_company_bp" , $col['ds_company_bp'] , 60*60*24 , '/');
            setcookie( "admin_ds_branch" , $col['ds_branch'] , 60*60*24 , '/');
            setcookie( "admin_auth1" , $col['auth1'] , 60*60*24 , '/');
            setcookie( "admin_auth2" , $col['auth2'] , 60*60*24 , '/');
            setcookie( "admin_auth3" , $col['auth3'] , 60*60*24 , '/');
            setcookie( "admin_auth4" , $col['auth4'] , 60*60*24 , '/');
            setcookie( "admin_auth5" , $col['auth5'] , 60*60*24 , '/');
            setcookie( "admin_auth6" , $col['auth6'] , 60*60*24 , '/');
            setcookie( "admin_auth7" , $col['auth7'] , 60*60*24 , '/');
            setcookie( "admin_auth8" , $col['auth8'] , 60*60*24 , '/');
            setcookie( "admin_auth9" , $col['auth9'] , 60*60*24 , '/');
            // Landing page selection: each `if` overwrites $url, so the LAST matching flag wins — auth1 has the highest
            // precedence and auth9 the lowest. Any "Y" flag also discards the caller-supplied $url.
            if($_SESSION["admin_auth9"] == "Y") $url=ADMIN_PATH."buy/car_history.php";
            if($_SESSION["admin_auth8"] == "Y") $url="/";
            if($_SESSION["admin_auth7"] == "Y") $url="/";
            if($_SESSION["admin_auth6"] == "Y") $url=ADMIN_PATH."community/community_list.php?m=6";
            if($_SESSION["admin_auth5"] == "Y") $url=ADMIN_PATH."purchase/purchase_list.php?m=5";
            if($_SESSION["admin_auth4"] == "Y") $url=ADMIN_PATH."buy/standby_list.php?m=4";
            if($_SESSION["admin_auth3"] == "Y") $url=ADMIN_PATH."member/member.php?m=3";
            if($_SESSION["admin_auth2"] == "Y") $url=ADMIN_PATH."car/brand.php?m=2";
            if($_SESSION["admin_auth1"] == "Y") $url=ADMIN_PATH."admin/admin_list.php?";
            // Redirect("$url");
            $DATAS = array();
            $DATAS['URL'] = $url;
            $RES['CODE'] = "0000";
            $RES['MSG'] = "로그인.";
            $RES['DATAS'] = $DATAS;
        }catch(Exception $e){
            $RES['CODE'] = $e->getCode();
            $RES['MSG'] = $e->getMessage();
        }
        // Queries above use ext/mysql (mysql_query) but the handle is closed with mysqli_close under `@`; the two
        // extensions do not share link resources, so this is most likely a silently-failing no-op — confirm what
        // $connect actually is.
        @mysqli_close($connect);
        // No Content-Type header is set in this chunk before the JSON body.
        echo json_encode($RES);
        exit;
        break; // unreachable after exit
    // Logoff handling case
    case "logoff":
        $_SESSION["admin_cd_userid"] = null;
        $_SESSION["admin_nm_name"] = null;
        $_SESSION["admin_ds_level"] = null;
        // NOTE(review): $col is never assigned in this case, so these three lines re-assign null (with an undefined
        // variable notice) and undo nothing — but they read as if they restore the identity. Should be removed.
        // Neither session_destroy() nor clearing of the admin_* cookies set at login appears here.
        $_SESSION["admin_cd_userid"]=$col['cd_userid'];
        $_SESSION["admin_nm_name"]=$col['nm_name'];
        $_SESSION["admin_ds_level"]=$col['ds_level'];
        $_SESSION['admin_ds_company_bp'] = null; // affiliate
        $_SESSION['admin_ds_branch'] = null; // branch
        $_SESSION["admin_auth1"] = null;
        $_SESSION["admin_auth2"] = null;
        $_SESSION["admin_auth3"] = null;
        $_SESSION["admin_auth4"] = null;
        $_SESSION["admin_auth5"] = null;
        $_SESSION["admin_auth6"] = null;
        $_SESSION["admin_auth7"] = null;
        $_SESSION["admin_auth8"] = null;
        $_SESSION["admin_auth9"] = null;
        Redirect(ADMIN_PATH."index.php");
        break;
    // ID duplicate check
    case "IdChk":
        // Access gate for every case from here on; its rules are not visible in this chunk.
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        $RES = array('CODE'=>'9999', 'MSG'=>'');
        try {
            $cd_userid = trim(avoid_crack($_POST["cd_userid"]));
            // Interpolated, not bound. Unlike the login queries there is no `@`, so a failed query makes
            // mysql_result() warn and $cnt falsy, which then reports the id as available.
            $res = mysql_query("select count(cd_userid) from admin_info where cd_userid='$cd_userid' AND ds_delind = 'N'");
            $cnt = mysql_result($res,0,0);
            if(!empty($cnt)) {
                throw new Exception("사용할 수 없는 아이디입니다.", "9990");
            }
            $RES['CODE'] = "0000";
            $RES['MSG'] = "사용가능한 아이디입니다.";
        }catch(Exception $e){
            $RES['CODE'] = $e->getCode();
            $RES['MSG'] = $e->getMessage();
        }
        @mysqli_close($connect);
        echo json_encode($RES);
        exit;
        break;
    // Admin registration
    case "Add" :
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        // Only the two affiliate/branch fields go through avoid_crack(); everything else — including ds_level and the
        // nine auth flags that drive authorisation at login — is trim()'d and inserted verbatim. Whoever can reach
        // this case (gated by auth_chk.php above) sets another admin's privilege flags directly.
        $cd_userid = trim($_POST["cd_userid"]);
        $nm_name = trim($_POST["nm_name"]);
        $nm_pass = trim($_POST["nm_pass"]);
        $ds_level = trim($_POST["ds_level"]);
        $ds_company_bp = trim(avoid_crack($_POST["ds_company_bp"]));
        $ds_branch = trim(avoid_crack($_POST["ds_branch"]));
        $ds_open = trim($_POST["ds_open"]);
        $nm_info1 = trim($_POST["nm_info1"]);
        $nm_info2 = trim($_POST["nm_info2"]);
        $nm_info3 = trim($_POST["nm_info3"]);
        $auth1 = trim($_POST["auth1"]);
        $auth2 = trim($_POST["auth2"]);
        $auth3 = trim($_POST["auth3"]);
        $auth4 = trim($_POST["auth4"]);
        $auth5 = trim($_POST["auth5"]);
        $auth6 = trim($_POST["auth6"]);
        $auth7 = trim($_POST["auth7"]);
        $auth8 = trim($_POST["auth8"]);
        $auth9 = trim($_POST["auth9"]);
        // This site (이차조아) does not use affiliate/branch — the two values read above are discarded.
        $ds_company_bp = '';
        $ds_branch = '';
        // Normalised to a strict "Y"/"N" flag; the only POST field in this case that is.
        $ds_alimtalk = trim($_POST["ds_alimtalk"]);
        if(empty($ds_alimtalk) || $ds_alimtalk != "Y") {
            $ds_alimtalk = 'N';
        }
        $RES = array('CODE'=>'9999', 'MSG'=>'');
        try {
            // strlen() counts bytes, so multi-byte ids hit the 14 limit earlier than 14 characters.
            if(strlen($cd_userid)<3 || strlen($cd_userid)>14) {
                throw new Exception("아이디(3~14)의 자리수가 맞지 않습니다.", "9990");
            }
            if($cd_userid=="userid" || $cd_userid=="member" || $cd_userid=="admin"){
                throw new Exception("중복된 아이디입니다. 관리자에게 문의하십시요.", "9990");
            }
            // Uniqueness check ignores ds_delind (unlike IdChk), so a soft-deleted id cannot be re-registered.
            $check_id=@mysql_result(mysql_query("select count(*) from admin_info where cd_userid='$cd_userid'"),0,0);
            if($check_id>0) {
                throw new Exception("이미 사용중인 아이디입니다.다시 한번 확인하세요.", "9990");
            }
            // nm_insert/nm_update record the NEW user's id, not the acting admin from $_SESSION["admin_cd_userid"],
            // so the audit columns do not say who created the account.
            $sql = "insert into admin_info (cd_userid , nm_name ,nm_pass , ds_level , nm_info1, nm_info2, nm_info3, ds_company_bp, ds_branch, ds_open, dt_insert, nm_insert, dt_update, nm_update, ds_delind, auth1, auth2, auth3, auth4, auth5, auth6, auth7, auth8, auth9, ds_alimtalk ) values ('$cd_userid','$nm_name',password('$nm_pass'),'$ds_level','$nm_info1','$nm_info2','$nm_info3','$ds_company_bp','$ds_branch','$ds_open',now(),'$cd_userid',now(),'$cd_userid','N','$auth1','$auth2','$auth3','$auth4','$auth5','$auth6','$auth7','$auth8', '$auth9', '$ds_alimtalk')";
            $result = mysql_query($sql,$connect);
            if(!$result) {
                throw new Exception("관리자 등록처리에 실패 하였습니다.잠시후 다시 시도해 주세요.", "9990");
            }
            $RES['CODE'] = "0000";
            $RES['MSG'] = "관리자 등록이 완료되었습니다.";
        }catch(Exception $e){
            $RES['CODE'] = $e->getCode();
            $RES['MSG'] = $e->getMessage();
        }
        @mysqli_close($connect);
        echo json_encode($RES);
        exit;
        break;
    // Admin info update
    case "Update":
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        // Same input handling as "Add": ds_level and auth1..auth9 come straight from POST and are written to the
        // target account, so this case is an authorisation-change endpoint for whoever passes auth_chk.php.
        $cd_userid = trim($_POST["cd_userid"]);
        $nm_name = trim($_POST["nm_name"]);
        $nm_pass = trim($_POST["nm_pass"]);
        $ds_level = trim($_POST["ds_level"]);
        $ds_company_bp = trim(avoid_crack($_POST["ds_company_bp"]));
        $ds_branch = trim(avoid_crack($_POST["ds_branch"]));
        $ds_open = trim($_POST["ds_open"]);
        $nm_info1 = trim($_POST["nm_info1"]);
        $nm_info2 = trim($_POST["nm_info2"]);
        $nm_info3 = trim($_POST["nm_info3"]);
        $auth1 = trim($_POST["auth1"]);
        $auth2 = trim($_POST["auth2"]);
        $auth3 = trim($_POST["auth3"]);
        $auth4 = trim($_POST["auth4"]);
        $auth5 = trim($_POST["auth5"]);
        $auth6 = trim($_POST["auth6"]);
        $auth7 = trim($_POST["auth7"]);
        $auth8 = trim($_POST["auth8"]);
        $auth9 = trim($_POST["auth9"]);
        // This site (이차조아) does not use affiliate/branch
        $ds_company_bp = '';
        $ds_branch = '';
        $ds_alimtalk = trim($_POST["ds_alimtalk"]);
        if(empty($ds_alimtalk) || $ds_alimtalk != "Y") {
            $ds_alimtalk = 'N';
        }
        $RES = array('CODE'=>'9999', 'MSG'=>'');
        try {
            // if(strlen($cd_userid)<3 || strlen($cd_userid)>14) {
            // throw new Exception("아이디(3~14)의 자리수가 맞지 않습니다.", "9990");
            // }
            // if($cd_userid=="userid" || $cd_userid=="member" || $cd_userid=="admin"){
            // throw new Exception("중복된 아이디입니다. 관리자에게 문의하십시요.", "9990");
            // }
            // nm_update again records the edited account rather than the acting admin. If the WHERE id matches no row
            // the UPDATE still "succeeds" (zero rows), so the success message does not mean a change happened.
            $sql="UPDATE admin_info set nm_name = '$nm_name' , ds_level ='$ds_level' , ds_open ='$ds_open' , nm_info1 ='$nm_info1' , nm_info2 ='$nm_info2' , nm_info3 ='$nm_info3' , ds_company_bp ='$ds_company_bp' , ds_branch ='$ds_branch' , dt_update = now() , nm_update = '$cd_userid' , auth1 = '$auth1' , auth2 = '$auth2' , auth3 = '$auth3' , auth4 = '$auth4' , auth5 = '$auth5' , auth6 = '$auth6' , auth7 = '$auth7' , auth8 = '$auth8' , auth9 = '$auth9' , ds_alimtalk = '$ds_alimtalk' where cd_userid = '$cd_userid'";
            // echo $sql;
            // exit;
            $result = mysql_query($sql,$connect);
            if(!$result) {
                throw new Exception("관리자 정보 수정에 실패 하였습니다.", "9990");
            }
            // Password is only rewritten when a non-empty value was posted. `<>` is loose comparison and the
            // `<> null` half is redundant with `<> ""` (both compare loosely against empty).
            if($nm_pass <> "" && $nm_pass <> null){
                $sqlPwd="UPDATE admin_info set nm_pass = password('$nm_pass') where cd_userid = '$cd_userid'";
                $result = mysql_query($sqlPwd,$connect);
                if(!$result) {
                    throw new Exception("관리자 비밀번호 수정에 실패 하였습니다.", "9990");
                }
            }
            $RES['CODE'] = "0000";
            $RES['MSG'] = "관리자 수정이 완료되었습니다.";
        }catch(Exception $e){
            $RES['CODE'] = $e->getCode();
            $RES['MSG'] = $e->getMessage();
        }
        @mysqli_close($connect);
        echo json_encode($RES);
        exit;
        break;
    // Admin deletion (soft delete: ds_delind='Y')
    case "Delete" :
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        $RES = array('CODE'=>'9999', 'MSG'=>'');
        try {
            // $nm_pass is read but never used — no re-authentication of the acting admin before deletion.
            $cd_userid = trim($_POST["cd_userid"]);
            $nm_pass = trim($_POST["nm_pass"]);
            // Id is interpolated unescaped (no avoid_crack here). nm_update is set to the deleted id, not the actor.
            // Nothing prevents an admin from soft-deleting their own account via this case.
            $sql = "update admin_info set ds_delind='Y' , nm_update = '$cd_userid' , dt_update = now() where cd_userid='$cd_userid'";
            $result = mysql_query($sql,$connect);
            if(!$result) {
                throw new Exception("관리자 삭제에 실패 하였습니다.", "9990");
            }
            $RES['CODE'] = "0000";
            $RES['MSG'] = "관리자가 삭제 되었습니다.";
        }catch(Exception $e){
            $RES['CODE'] = $e->getCode();
            $RES['MSG'] = $e->getMessage();
        }
        @mysqli_close($connect);
        echo json_encode($RES);
        exit;
        break;
    // Admin self-profile update (id taken from the session, not from POST)
    case "Modify":
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        $cd_userid = trim($_SESSION["admin_cd_userid"]);
        $nm_name = trim($_POST["nm_name"]);
        $nm_pass = trim($_POST["nm_pass"]);
        // ds_level and ds_open are still accepted from POST and written below, so a logged-in admin can change their
        // own level/open flag through this "my page" path. Affiliate/branch are read and then never used.
        $ds_level = trim($_POST["ds_level"]);
        $ds_company_bp = trim(avoid_crack($_POST["ds_company_bp"]));
        $ds_branch = trim(avoid_crack($_POST["ds_branch"]));
        $ds_open = trim($_POST["ds_open"]);
        $nm_info1 = trim($_POST["nm_info1"]);
        $nm_info2 = trim($_POST["nm_info2"]);
        $nm_info3 = trim($_POST["nm_info3"]);
        // These validate the session id, which the user did not supply. Whether AlertBack() halts execution is not
        // visible here; if it only emits script, the UPDATE below still runs — confirm.
        if(strlen($cd_userid)<3 || strlen($cd_userid)>14) {
            AlertBack("아이디(3~14)의 자리수가 맞지 않습니다.");
        }
        if($cd_userid=="userid" || $cd_userid=="member" || $cd_userid=="admin"){
            AlertBack("중복된 아이디입니다. 관리자에게 문의하십시요.");
        }
        $sql="UPDATE admin_info set nm_name = '$nm_name' , ds_level ='$ds_level' , ds_open ='$ds_open' , nm_info1 ='$nm_info1' , nm_info2 ='$nm_info2' , nm_info3 ='$nm_info3' , dt_update = now() , nm_update = '$cd_userid' where cd_userid = '$cd_userid'";
        $result = mysql_query($sql,$connect);
        // When a password is posted, $result is overwritten by the second query, so the outcome of the profile
        // UPDATE is not reflected in the message below.
        if($nm_pass <> "" && $nm_pass <> null){
            $sqlPwd="UPDATE admin_info set nm_pass = password('$nm_pass') where cd_userid = '$cd_userid'";
            $result = mysql_query($sqlPwd,$connect);
        }
        if ($result) {
            AlertRedirect("관리자 정보가 수정하였습니다.",ADMIN_PATH."admin/mypage/admin_view.php");
        }else{
            AlertRedirect("관리자 정보 수정에 실패 하였습니다.",ADMIN_PATH."admin/mypage/admin_view.php");
        }
        break;
    // Commission update (upsert keyed on cd_userid)
    case "Commission":
        include $_SERVER['DOCUMENT_ROOT'].ADMIN_PATH.'common/auth_chk.php';
        // All three values are trim()'d only and interpolated; nm_insert/nm_update are the literal 'admin', so the
        // acting user is not recorded.
        $cd_userid = trim($_POST["cd_userid"]);
        $commission = trim($_POST["commission"]);
        $ds_type = trim($_POST["ds_type"]);
        $sql="INSERT INTO commission(cd_userid, commission, ds_type, dt_insert, nm_insert, dt_update, nm_update, ds_delind) VALUES ( '$cd_userid' ,'$commission','$ds_type' ,NOW(),'admin' ,NOW(),'admin' ,'N' ) ON DUPLICATE KEY UPDATE commission='$commission' , ds_type='$ds_type' , dt_update=NOW() , nm_update='admin' , ds_delind='N'";
        $result = mysql_query($sql,$connect);
        if ($result) {
            AlertRedirect("수수료 정보 수정에 성공하였습니다.",ADMIN_PATH."admin/commission_setting.php");
        }else{
            AlertRedirect("수수료 정보 수정에 실패하였습니다.",ADMIN_PATH."admin/commission_setting.php");
        }
        break;
    default :
        AlertRedirect("지정되지않은 요청입니다","/index.php");
        break;
}
// Only reached by the cases that do not exit() (logoff, Modify, Commission, default) — and only if
// Redirect()/AlertRedirect() return. The JSON cases closed the handle with mysqli_close instead; see note there.
mysql_close($connect);
?>